Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1292595
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem: Logging in as an AD user most/a lot of times, some secondary IPA based Posix groups are missing. Doing some debugging the sssd_pac.log shows: (Mon Dec 14 18:34:13 2015) [sssd[pac]] [pac_user_get_grp_info] (0x2000): Group with SID [S-1-5-21-obfuscated] is not in the PAC anymore, membership must be removed. (Mon Dec 14 18:34:13 2015) [sssd[pac]] [pac_user_get_grp_info] (0x2000): Group with SID [S-1-5-21-obfuscated] is not in the PAC anymore, membership must be removed. Version-Release number of selected component (if applicable): ipa-4.2.0-15.el7_2.3 How reproducible: At random interval using AD trust users and IPA client 7.2 or 6.7 Steps to Reproduce: 1. 2. 3. Actual results: intermittently some groups are not shown for membership of AD users Expected results: AD user group membership should be reported all the time.
Aligning the ticket with BZ.
master:
ipa-4-3:
ipa-4-2:
Metadata Update from @pvoborni: - Issue assigned to sbose - Issue set to the milestone: FreeIPA 4.2.4
Login to comment on this ticket.